The MSPCV examination, based on the control objectives of the United Certification Standard (USC) for Cloud and Managed Services Providers, is a rigorous, annual certification process that benchmarks and verifies the quality of the company providing cloud and/or managed services.

The certification includes a written report of the operating effectiveness of the service organization's controls as examined by an independent third-party public accounting firm. The MSPCV has been reviewed by governmental agencies and regulatory bodies across the globe and is used and accepted in 5 continents around the world.

“We are proud to achieve the MSPCV Certification along with a Report Addendum for Financial Services in the United States,” stated Michael Miller, President, CSR Enterprise Networks. “This is an affirmation of CSR Enterprise Networks quality assurance and a stamp of trust and reliability for current and potential clients that their Information Technology infrastructure under CSR Enterprise Networks management is well controlled and managed. For regulated clients requiring greater transparency and assurances, this certification will assist in showing auditors and regulators appropriate due diligence.”

ABOUT MSPAlliance: MSPAlliance® is a global industry association and accrediting body for the Cyber Security, Cloud Computing and Managed Services Provider (MSP) industry. MSPCV was created, using a wide base of criteria, to certify Cloud and Managed Service Providers thereby ensuring customers who select a company that is MSPCV certified that their service provider has met and exceeded the following 10 control objectives:

Corporate Risk Management

Policies and Procedures

Confidentiality and Privacy

Change Management

Service Operations Management

Information Security

Data Management

Physical Security

Managed Services SLA, Reporting, and Billing

Corporate Health

ABOUT CSR Enterprise Networks (CSR) Incorporated in 1992, CSR is headquartered in Williamsport, PA. As a nationally recognized Managed Service Provider (MSP), CSR offers a comprehensive and scalable Information Technology (IT) management strategy for businesses and organizations that operationally rely on IT. CSR's mature, metrics-driven IT services enable thousands of Client’s employees and their customers to conduct business each day. For Clients without an IT staff, CSR serves as their entire IT department freeing up staff to focus on their business, not IT headaches. For Clients with an IT staff, CSR seamlessly integrates with their existing IT Department, augmenting areas that need more attention or advanced skills. CSR also designs, plans, and implements IT projects of all sizes, from small and simple to large and complex.

Ransomware has been one of the most widespread and common security issues over the past several years. It has affected both businesses and home users at an alarming rate. We'd like to address this and provide some guidance on how to protect yourself against ransomware and what to do if your machine does become infected.

What is ransomware?

Ransomware is a type of malware that typically spreads through email, but also via Peer-to-Peer networks and infected websites.

There are many variants (e.g. CrytoLocker, Cryptowall, KeRanger (OS X)) and it is constantly evolving to evade detection.

Once a machine is infected, its files are encrypted and the user is presented with a notice telling them that they need to pay a ransom to unlock their files. Oftentimes the request is for Bitcoins to be sent to a particular location. Accusations of the computer being used for illegal activity may also be included in these warnings to scare the user into complying with the request.

An infected machine will encrypt files on any network drive it has access to. This means all users who access that network drive will be affected by the infection.

Traditionally ransomware has been a trojan, which is something that appears to be a legitimate file but in reality is malware. More recently there have been worm variants that are spreading across LANs.

Ransomware will commonly appear as a Word Document (.doc, .docx) or Excel Spreadsheet (.xls, .xlsx), however it can appear as other file types. If you open these files, this will initiate the infection.

In many cases when running one of these files you'll be asked to approve an administrative action via Windows UAC or OS X authentication. Never approve administrative privileges unless you have launched an application with the intention of modifying the system in some way (i.e. installing an application, modifying system settings, etc.):

How do you protect against ransomware?

First off, be very careful about which attachments you open. Never open an attachment from someone you don't know and be careful with attachments from people you do know. If something looks off about a file, don't open it and contact the person to ask if it's something they've sent. It's possible their computer is infected and the malware is harvesting their address book to spread itself.

Never send or open executable files (.EXE) via email. Rarely is it needed to send .EXE files directly. A better way to handle this is to send a link to the website hosting the file, or to use a file sharing service like Dropbox.

Consider using a user account without administrative privileges. If this isn't an option, be very careful about granting administrative privileges to applications (see above screenshots).

Most importantly, back up your data:

While the above steps will greatly reduce your risk of becoming infected with ransomware or some other type of malware, nothing is foolproof because malware is continually evolving.

Backups should be stored both locally and in the cloud to ensure your data is always available when needed.

Replication alone is not backup. If ransomware encrypts files that are replicated, the encrypted files will in turn be replicated.

For this reason, the backup should have the ability to keep point in time snapshots. We recommend keeping snapshots for up to about a year.

CSR's Backup and Disaster Recovery (BDR) solution goes one step further. It allows for a copy of a server to be run either locally or in the cloud if the server is disrupted for some reason.

What to do if your computer becomes infected with ransomware?

Hopefully you've followed the steps laid out above.

If you have a valid backup of your data, make sure you have copies of all of your software licenses / installation media and then reformat your PC, reinstall the OS and restore your backup files.

We recommend starting fresh because once a machine has become infected with a virus, it can't be trusted again. You have no way of knowing what was done by the malware.

If you don't have a backup.

There isn't much that can be done. Your data is encrypted and is irretrievable unless you pay the ransom, which isn't recommended.

Hopefully these steps will help keep you protected from ransomware or at least prepared in case of an infection. If you have any questions or if there's anything we can help with, please free to contact us.

]]>Browser SecurityCharles SiegelFri, 26 Jun 2015 16:06:59 +0000https://www.csrinc.com/blog/2015/6/26/browser-security54f8b9dee4b0d74787ce11ee:54f8d43ae4b0b9f404fa7a13:558d5688e4b047b6f98aeb5cThe browser has become the most important application on our computer. It connects us to the internet and morphs to perform almost any function we ask it to, whether it be compose an email, read the news, run a web app, shop, or read Facebook. It is critically important that our browser be as secure as possible, because in recent years it's become possible for a computer to be infected with malware just by visiting a website.

This post will go over some current threats that can propagate via your browser, and steps you can take to protect yourself.

First off, it has recently come to light that not all browser developers necessarily have your best interest in mind. It was discovered that under certain circumstances, Google Chrome is by default, capturing audio from your computer's microphone and sending it back to Google for analysis to enable "keyword" voice search features, such as "OK, Google." The trouble is that because they've implemented voice analysis server side and not locally, in order for them to be able to hear the keyword, all of this data has to be sent back to Google for analysis. Google has responded to these claims and is claiming it's opt in, but researchers are saying otherwise.

Our advice is don't use Chrome, instead use Firefox or if you're using a Mac, use Safari. Also, try out DuckDuckGo which is a search engine that values privacy above all. (We understand that unfortunately a small set of sites still require Internet Explorer, go ahead and use IE for these sites, but use Firefox or Safari for everything else).

Now that you have a secure browser installed, there a few more steps to take to make sure it's setup securely:

Make sure your browser is up to date. All browser developers have begun to automatically deploy updates so you are likely already up to date, but just make sure to approve any available updates as you are prompted to install them.

Browser Plugins like Flash and Java are still major attack vectors within browsers. Just this week Flash had a 0 Day vulnerability which is being actively exploited to spread malware, such as CrytpoWall 3.0. To secure plugins, do the following:

Consider whether you even need them. If they aren't needed, get rid of them. Sites that require Java are becoming rarer and rarer, so it's probably pretty easy to get rid of. Flash may be tougher, but it's is also not as important as it once was because because of HTML5 - even Youtube uses HTML5 Video by default now.

If you do need plugins, make sure they're up to date. You can check your Flash version here and Java here. Both of these have settings in the Control Panel that allow you to make sure they are automatically being updated - this is most likely enabled, it's been the default for a while.

Firefox and Safari have both begun blocking out of date plugins. If you ever get a notice like the one below it either means your Flash is out of date, or that there is a 0 Day vulnerability out that Firefox has determined is dangerous enough to block the plugin all together.

If you see this, try updating Flash. If there's no update available, hang tight until an update is released (you can whitelist sites in the meantime if needed).

If you really do need Flash but want some additional protection you can install the Flashblock extension on Firefox, or setting the Flash Player to "Block" in "Safari Security / Internet Plug-in" Settings. This will allow you to approve Flash to run on a site by site basis.

Ever notice that after you are on Amazon looking for new patio furniture that you begin to see ads for chairs you were looking at all across the web? That's due to tracking cookies. Tracking cookies are Third-party cookies that get loaded when you visit almost any site now that keeps track of the sites you've visited around the web. This seems to be getting worse and worse every day. Here are some steps you can take to limit this annoying behavior:

Enable the "Do Not Track" feature in your browser and disable 3rd party cookies:

Firefox:

Safari: We've found that the "Allow from current website only" setting in Safari is very effective in preventing this issue.

To take it a step further you can install browser extensions like Ghostery or Adblockplus which block both Trackers and Ads.

It's not a bad idea to clear out cookies periodically, especially after making the above changes (this will remove any saved logins you might have had).

Of course in addition to these items you will want to make sure that you are running an active Anti-Malware application and that your Operating System is fully patched.

These are a few easy steps that you can take to help protect your computer and in turn your your electronic data. If you have any questions or if there's anything we can help with, please free to contact us.

]]>Welcome to our new website!Charles SiegelWed, 15 Apr 2015 18:12:46 +0000https://www.csrinc.com/blog/2015/4/15/welcome-to-our-new-website54f8b9dee4b0d74787ce11ee:54f8d43ae4b0b9f404fa7a13:552ea31ce4b0498e9c4bb904We are very excited to introduce our new website! Our previous website was showing its age and we decided a complete revamp was in order.

As you can see we have a blog on this site. This along with a newsletter will be used to disseminate information about things like security vulnerabilities and other happenings in the IT industry that are important for our clients. We had previously sent out emails for things like this, but we feel this will be a more effective way to get this information out in a timely way.

If you're interested in signing up for our newsletter, you can do so by clicking here and entering your name and email address. The newsletter will be sent out on a periodic basis just to let you know of new security vulnerabilities or other IT related topics that we feel are important. We promise we won't "spam" you via the newsletter. Our goal is to make it an informative tool for our clients and others who are interested.

So, go ahead and look around at let us know what you think! Hopefully you will find our new site useful. As always, if there's something we can help you with, please feel free to give us a call.

]]>Social Engineering - What it is and How to Prevent ItSecurityCharles SiegelTue, 14 Apr 2015 13:14:00 +0000https://www.csrinc.com/blog/2015/14/social-engineering-what-it-is-and-how-to-prevent-it54f8b9dee4b0d74787ce11ee:54f8d43ae4b0b9f404fa7a13:54fd94f1e4b0433313369914

The focus of the IT industry over the past several years has been to lock down networks with whatever tools we have available to us. This includes the use of basic things like firewalls and anti-virus software to more advanced security features like IPS systems, full anti-malware software, Network Threat Monitoring Services, log retention services, hardened server and workstation configurations, comprehensive patching solutions, and Next Generation Firewalls.

Well, the good news is that as an industry we've largely succeeded at that. Networks have never been more secure. Hackers have noticed and they have switched their focus, to something little bit less protected by security technology. That would be your employees. Employees have become the soft underbelly of the security of a company's network. Attacks on employees are made through the use of Social Engineering.

One of the most famous and highest profile incidents of Social Networking is when the technology reporter, Mat Honan had his entire digital identity stolen from him. He was literally watching one device after another be wiped right before his eyes through Apple's good intentioned remote wipe functions built into iCloud. There was nothing he could do at the point because hackers had complete control of his iCloud and other accounts.

The motivation for the attack was to steal his Twitter handle which is apparently desirable because it is very short (@mat). The attackers didn't hack into Twitter or even Honan's firewall to get his account. They hatched an elaborate scheme that involved calling Amazon and Apple to gather information about Mat's accounts, relaying the information that was discovered between the two vendors, eventually gathering enough information to appear to be Honan so that they could request a password reset.

The basic premise of the attack is something called pretexting. This is when you pose as someone else in order to acquire information you have no need to know. Often the person who uses a technique like this will pretend to be under some duress in order to make the person they're talking to think that it is dire that they provide the information, making them ask less questions.

An example of this would be if someone were to call the IT department of a company saying, "Hi, I'm John Smith, I'm out on the road and I'm trying to give a sales presentation for a perspective client. This darn VPN won't connect though and I can't get my PowerPoint presentation! I think my account is locked! Can you please reset my password so I can get into my account! Why does this technology have to be so hard! I'm going to lose this sale because this and my boss is going to have my head!"

Now this could very well be an actual sales person, but it also could be someone trying to social engineer their way into knowledge of a users password. This type of attack obviously won't work at a small company where everyone knows each other, but it would be something that would occur at a larger organization. In cases like this there should be policies in place defining under what circumstances password resets can occur and how they should be completed. There should be some verification steps defined to ensure that the person calling is who they say they are.

It is also important to realize that Social Engineering attacks can occur in person, over the phone, or through email (this is in essence what Phishing is). With that in mind, here are some simple steps that can be taken to attempt to prevent social engineering attacks:

Never provide sensitive personal or company related information to unauthorized individuals.

If you aren't sure who someone is and they claim to be an "authorized individual" take steps to verify their identity first by steps such as:

Ask for ID if in person.

If on the phone ask if you can call them back at their main company number which you look up at the company website.

If via email send them an email directly to an address you are sure is legitimate and request that they respond to it (this is to protect against spoofed sender email).

Always be on the look out for fake domains. Review the domain to ensure that it fully matches what you expect, e.g. contoso.com is not the same as contoso.biz - If you receive an email from a domain that appears just little bit off requesting information, that is likely a social engineering attempt.

Never send sensitive information over insecure means. It should only be provided in person or via secure encrypted communication.

Outside of sensitive information, other seemingly innocuous information, such as your schedule or what Anti-Virus software you use, may be used later to gain more sensitive information. If someone that is unknown to you starts asking for information they have no reason to know, do not provide it to them.

Be careful about which information you post about your company on your website and other public forums. Certain types of information could be used as a seed to begin a pretexting hack against your company.

Be sure not leave sensitive information out at workspaces.

Ensure that sensitive information is securely deposed of.

Be vigilant and be aware that this type of attack exists. If something doesn't seem right, stop the interaction with the individual and bring it to a superior's or the authority's attention.

Regular training should be conducted by IT Management to ensure that all employees within an organization are aware of social engineering and its dangers.